Classic RFC 2307 Zones (3.x, 4.x)
The classic RFC 2307-compatible zone is similar to the classic IBM Security zone,
except that the data in the serviceConnectionPoint objects is associated with
Active Directory user and group objects stored in RFC 2307-compliant attributes.
For RFC 2307-compatible zones, IBM Security makes use of a Windows Server feature,
called Dynamic Auxiliary Classes, to dynamically bind posixAccount or posixGroup
instances to the serviceConnectionPoint objects.
Binding the posixAccount or posixGroup to the user or group serviceConnectionPoint
results in an Active Directory object with:
- Two object classes: the serviceConnectionPoint objectClass and the posixAccount
  or posixGroup objectClass.
- Two sets of attributes: those contributed by the serviceConnectionPoint object
  and those contributed by the posixAccount or posixGroup object.
The structure of the zone and its sub-containers is the same as the classic
IBM Security zone layout, with each zone stored as a separate tree in the directory
and sub-containers for the Users, Groups, and Computers in each zone, but you can
use attributes from the posixAccount or posixGroup objectClass to store data in the
RFC 2307-compliant format. Storing the data in RFC 2307-compliant attributes enables
the information to be used by applications that conform to the RFC 2307 standard.
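
The following is an added example, not code from the product or its documentation: a Python audit of a zone's Users container that checks each entry carries both object classes described above and flags UID mappings an administrator would want to review. It assumes the container has been exported as plain LDIF (no folded or base64 lines); the DNs, the zone name and the choice of attributes to check are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample export of one zone's Users container (not real data).
SAMPLE_LDIF = """\
dn: CN=alice,CN=Users,CN=zone1,DC=example,DC=com
objectClass: serviceConnectionPoint
objectClass: posixAccount
uidNumber: 10001
gidNumber: 10000

dn: CN=bob,CN=Users,CN=zone1,DC=example,DC=com
objectClass: serviceConnectionPoint
objectClass: posixAccount
uidNumber: 10001
gidNumber: 10000

dn: CN=svc,CN=Users,CN=zone1,DC=example,DC=com
objectClass: serviceConnectionPoint
uidNumber: 0
"""

def parse_ldif(text):
    """Parse unfolded, non-base64 LDIF into (dn, {attr: [values]}) pairs."""
    entries = []
    for block in text.strip().split("\n\n"):
        attrs = defaultdict(list)
        for line in block.splitlines():
            name, _, value = line.partition(": ")
            attrs[name.lower()].append(value)
        entries.append((attrs["dn"][0], attrs))
    return entries

def audit_zone_users(text):
    """Return a sorted list of (dn, finding) for entries that need review."""
    findings, seen_uid = [], {}
    for dn, attrs in parse_ldif(text):
        classes = {c.lower() for c in attrs["objectclass"]}
        if not {"serviceconnectionpoint", "posixaccount"} <= classes:
            findings.append((dn, "posixAccount not bound to serviceConnectionPoint"))
        for need in ("uidnumber", "gidnumber"):  # subset chosen for this example
            if need not in attrs:
                findings.append((dn, f"missing {need}"))
        for num in attrs.get("uidnumber", []):
            if num == "0":
                findings.append((dn, "uidNumber 0 maps to root"))
            if num in seen_uid:
                findings.append((dn, f"uidNumber {num} also used by {seen_uid[num]}"))
            seen_uid.setdefault(num, dn)
    return sorted(findings)
```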